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A server, system and method for providing access to a public network tlirough an 
internal network of a multi-system operator 

Field of the Invention: 

5 

This invention relates to public network access, more specifically, to a 
server, system and method for providing access to a public network through an 
internal network of a multi-system operator 

10 Background of the Invention 

To date, most providers of high speed Internet provisioning systems connect 
a local area network (LAN) to the Internet through an on-site or local Internet 
provisioning server. This local provisioning server provisions, authenticates and 

15 provides a billing interface for Internet service. On the internal side of the LAN, the 
LAN site must offer some means of connecting the internal network traffic and 
routing it through a central system of the LAN. The internal side of the LAN may be 
made up of structured wiring/switches, digital subscriber line (DSL) technologies, 
wireless 802. 11 devices, Ethernet over coaxial cables, and other hybrid systems to 

20 provide network connectivity to the LAN users. The Internet provisioning server 
connects directly to a router, which acts as a local connection to the Internet. 

There exists some multi-system operators (MSOs) offering high-speed 
Internet services through their internal networks. For example, some cable TV 
service providers offer high-speed Internet services through their cable modem 

25 networks for cable TV services. A cable modem network is a network of cable 
modems. A cable modem allows a. user computer to connect with the Internet 
through the cable modem network. 

A nomadic user computer is often pre-configured to connect with a company 
network or other network which is foreign to the internal network of a multi-system 

30 operator. Thus, the user computer cannot operate on the internal network as it is. 

For example, in a conventional cable modem network, a user computer that 
is configured to a foreign network cannot operate on the cable modem network. 
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The user needs to modify the network configuration settings of the user computer 
to match, those of the cable modem network. Adding a new user computer to the 
cable modem network usually involves system configuration changes and 
assistance from a technical support resource. 
5 It is, therefore, desirable to provide a new system and method, which allows 

users to receive Internet services through an internal network of a multi-system 
operator, such as cable modem network, while maintaining their computers' 
pre-configured network settings for a foreign network. 

10 Summary of the Invention: 

It is an object of the invention to provide a novel system and method that 
obviates or mitigates at least one of the disadvantages of the existing systems. 

The invention assigns to clients addresses that reflect the location of a client 

15 on a network. Traffic to or from an external network, such as Internet web traffic, is 
intercepted and forced through provisioning, authentication, registration and/or 
billing mechanisms prior to granting access to the external network. 

In accordance with an aspect of the present invention, there is provided a 
network service management server for managing network services for an internal 

20 network operated by a multi-system operator, the internal network being formed 
with network entities. The network service management server comprises a 
registration driver, an address assignment handler and an information handler. 
The registration driver is provided at a selected location of the internal network for 
registering a client connecting to one of the network entities. The address 

25 assignment handler is provided at the selected location of the internal network for 
assigning to the client an address associated with the one of the network entities to 
which the client is connected. The information handler is provided for handling 
information relating to network services for the client based on the assigned 
address. 

30 In accordance with another aspect of the invention, there is provided a 

network service management server for managing Internet services for a cable 
modem network having multiple cable modems and Cable Modem Termination 
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Systems (CMTSs) for communicating with connected cable modems. The network 
service management server comprises a registration driver, an address 
assignment handler and an information handler. The registration driver is provided 
at a selected location of the cable modem network for registering a client 
5 connecting to one of the cable modems. The address assignment handler is 

provided at the selected location of the cable modem network for assigning to the 
client a client address associated with the one of the cable modems to which the 
client is connected. The information handler is provided for handling information 
relating to Internet services for the client based on the assigned client address. 

10 In accordance with another aspect of the invention, there is provided a 

method of managing network services for an internal network operated by a 
multi-system operator, the internal network being formed with network entities. The 
method comprising the steps of registering, at a selected location of the internal 
network, a client connecting to one of the network entities, assigning to the client an 

15 address associated with the one of the network entities to which the client is 
connected; and handling information relating to network services for the client 
based on the assigned address. 

In accordance with another aspect of the invention, there is provided a 
computer readable medium storing the instructions or statements for use in the 

20 execution in a computer of the method of managing . network services for an internal 
network operated by a multi-system operator, the internal network being formed 
with network entities. 

In accordance with another aspect of the invention, there is provided 
electronic signals for use in the execution in a computer of the method of managing 

25 network services for an internal network operated by a multi-system operator, the 
internal network being formed with network entities. 

In accordance with another aspect of the invention, there is provided a 
computer program product for use in the execution in a computer a method of 
managing network services for an internal network operated by a multi-system 

30 operator, the internal network being formed with network entities. The computer 
program product comprises a module for registering, at a selected location of the 
internal network, a client connecting to one of the network entities, a module for 
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assigning to the client an address associated with the one of the network entities to 
which the client is connected and a module for handling information relating to 
network services for the client based on the assigned address. 

Other aspects and features of the present invention will be readily apparent 
5 to those skilled in the art from a review of the following detailed description of 
preferred embodiments in conjunction with the accompanying drawings. 

Brief Description of the Drawings: 

10 The invention will be further understood from the following description with 

reference to the drawings in which: 

Figure 1A is a block diagram showing an IP provisioning system in 
accordance with an embodiment of the invention; 

Figure 1 B is a block diagram showing a network service management server 
15 in accordance with an embodiment of the present invention; 

Figure 1C is a flow block showing an operation of the network service 
management server; 

Figure 2 is a block diagram showing an example of the network service 
management server of Figure 1 B; 
20 Figure 3 is a block diagram showing a network service management server 

in accordance with another embodiment of the invention; 

Figure 4 is a block diagram showing a network service management server 
in accordance with another embodiment of the invention; 

Figure 5 is a block diagram showing one example of the registration driver 
25 of Figure 2; 

Figure 6 is a block diagram showing other components or functionalities of 
the network service management server; 

Figure 7 is a block diagram showing one example of the location resolution 
handler of Figure 2; and 
30 Figure 8 is a block diagram showing another embodiment of the invention 

used in a different network. 
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Tlie invention is suitably used for an internal network operated by a 
multi-system operator (MSO). The internal network comprises multiple network 
5 entities for connecting clients and routing client traffic. The invention allows 
management of external public network service offerings, such as the internet 
service offerings, to the clients through the internal network. 

Embodiments of the present invention are now described for a cable modem 
network operated by a cable TV service company. However, the present invention 
10 may be applied to different types of internal networks of MSOs, such as but not 
limited to Digital Subscriber Line (DSL) networks. 

Figure 1A shows an IP provisioning system 2 for a cable modem network 10 
in accordance with an embodiment of the present invention. The cable modem 
network 1 0 may be a new or existing network that comprises cable modems 1 8 and 
15 Cable Modem Termination Systems (CMTSs) 14. 

The IP provisioning system 2 is provided at the cable head-end of the cable 
modem network 10 in a central site of a cable company operating the cable modem 
network 10, typically in or near a cable company Network Operating Center (NOC) 
16 where CMTSs 14 are provided. The IP provisioning system 2 acts as a gateway 
20 to the Internet 24 for the cable modem network 10. 

The cable modem network 10 provides connectivity to multiple cable 
modems 18. Cable modems 18 may be wired or wireless cable modems. 

A group of cable modems 18 is located in a local property 16, such as hotels, 
convention centers, public Internet locations such as coffee shops, waiting rooms, 
25 airports and other properties which provide Internet services to users. 

Each cable modem 18 has one or more ports or interfaces, each to accept 
connection with user's Customer Premise Equipment (CPE)120, such as a laptop 
computer, personal digital assistant (PDA) device or other Internet sen/ice access 
device. 

30 Cable modems 18 are connected to CMTSs 14 residing in the NOC 6. One 

or more cable modems 18 may be connected to a single CMTS 14. 

A CMTS 14 is capable of communicating with cable modems 18 connected 
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to the CMTS 14, receiving signals sent upstreann from CPEs 20 associated with the 
connected cable modems 18, converting the signals into Internet Protocol (IP) 
packets and routing the signals for connection to the Internet 24, and sending 
signals downstream to the associated CPEs 20 through the cable modems 18. 
5 Also, the NOC 6 may also have one or more CMTSs 14 which communicate 

with one or more cable modems 18 individually for individual subscribers who do 
not belong to any local properties 16. Those CMTSs may bypass the IP 
provisioning system 2, if desired. 

Cable modems 14 which are connected to CMTSs 14 are sometimes 

10 referred to collectively as "clients" or "network entities", hereinafter. 

The IP provisioning system 2 has network provisioning functionalities, 
authentication functionalities, and billing service functionalities to perform network 
provisioning, authentication services and billing services. 

The network provisioning functionalities include functionality that performs 

15 provisioning of cable modems. Also included is a plug and play functionality that 
allows users to use their CPEs 20 configured for a foreign network and connect 
them to the Internet 24 through the cable modem network 10 without changing the 
network configuration settings. Examples of network applications used for Internet 
services include email, Virtual Private Network (VPN) connectivity, instant 

20 messaging, and Voice over IP. 

The authentication functionalities include a registration functionality that 
allows users to register their CPEs 20 at desired cable modems 18. The network 
service management server 4 does not need to provision any cable equipment in 
order to operate as an authenticating gateway for CPEs connected to a CMTS. 

25 The billing functionalities include client location resolution functionality that 

resolves a physical location of a cable modem 1 8 or its port to which a specific CPE 
20 is connected. The billing functionality allows the local property operator to bill 
each user based on a pay per use basis. These functionalities are further 
described below. 

30 The IP provisioning system 2 uses a network service management server 4 

and/or other servers to provide these functionalities. The network service 
management server 12 may act as a sole network provisioner or partial network 
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provisioner for any or all cable modems 18 and the CPEs 20 connected to the 
CMTSs 14. When the network service management server 4 acts as a sole 
network provisioner, it performs all three functionalities. When acting as a partial 
network provisioner, it shares some functionalities with other network service 
5 management server or other third party server or system. A network service 
management server 4 may maintain public access Internet service across the 
entire cable modem network 10, or may maintain public access Internet service to 
part of the cable modem network 10 for selected cable modems 18. 

Referring to Figure IB, an embodiment is described where the network 

10 service management server 4 is embodied by a network service management 

server 12 that acts as a sole network provisioner and performs network provisioning 
functionalities. This embodiment is described using a hotel as an example of a 
local property 16. For simplicity of the drawings, a single cable modem 18 is shown 
in the hotel 16, and a single CMTS 14 is shown in an NOC 6. 

15 The CMTS 14 may operate in Routing Mode for routing traffic, or Bridging 

Mode for bridging traffic. The CMTS 14 may also perform filtering and traffic 
shaping. Preferably, the CMTS 14 is a Data Over Cable Service Interface 
Specification (DOCSIS) compliant system. Also, preferably, the cable modem 18 is 
a DOCSIS compliant device. The network service management server 12 

20 identifies, collects and dynamically maintains information on each cable modem 18, 
and/or a group of cable modems and CPEs 

A nomadic user can connect a CPE 20 that is configured to a foreign 
network to the cable modem 18. The CPE 20 may be a Dynamic Host 
Configuration Protocol (DHCP) client CPE which does not have an IP address, or 

25 a statically configured client which has a static IP address assigned to it for the 
foreign network. The network service management system 12 can provide plug 
and play provisioning for statically configured client CPEs when the CMTS is 
operated in Bridging Mode, as described below. 

The network service management server 12 integrates with the cable 

30 modem network 10 to perform IP provisioning, authentication services and billing 
services for local property operators who subscribe to these services from the cable 
operator. Each point of connection to the cable modem network 10, e.g., each 
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point where a local property is connected, is configured to present custom 
interfaces suitable for the local property owner. Custom interfaces may include 
registration screens, fee schedules and Internet connection options, as further 
described below. 

5 These functionalities are contrblled and maintained by the network service 

management server 12 at the NOC 6. The cable company operator can assign 
different service offerings to individual cable modems or group of cable modems. 
Thus, for example, different hotels may provide different offerings to their 
customers. Also, different rooms in a hotel may have different offerings. 

10 Each cable modem 1 8 is identified by a unique Media Access Control (MAC) 

address. The information relating to each relevant cable modem 18, such as 
settings, billing schedules and connection options, is stored in a cable modem 
database 26. The stored information of each cable modem is linked to the MAC 
address of the cable modem. 

15 In Figure IB, the database 26 is provided separately from the network 

service management server 12. However, the database 26 may be provided in the 
network service management server 12. 

The cable company operator or other installer may install cable modems 18 
for a local property 16. The network service management server 12 tracks and 

20 maps each cable modem 18 to its physical location, such as a guest room in a hotel 
16. This mapping information, i.e., the physical location of the cable modem 18 is 
linked to the MAC address of the cable modem 18, and is also stored in the cable 
modem database 26. 

Using this mapping information, when a user connects a CPE 20 to a cable 

25 modem, the network service management server 12 can resolve the physical 
location, e.g., the guest room, from which the user connected the CPE 20 to the 
cable modem 18. 

The CPE 20 is thus provisioned and further authenticated by the network 
service management server 12. The network service management server 12 also 
30 manages and tracks billing information associated with the services offered through 
the cable modem network 1 0 for each CPE 20. The services offered by the network 
10 are billed on a pay per use basis (e.g., fixed time length, time based, bandwidth 
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usage, per minute usage). 

As each cable modem is managed individually, the local property and the 
cable company may customize presentation pages, such as a registration page, 
billing schedules and connection options, for each of the cable modems to have a 
5 localized look and feel as if the service is being provided at the local property. 

The network service management server 12 offers plug and play functionality 
for clients connecting their network CPEs 20 through a cable modem network. It 
offers nomadic users nomadic Internet service through the cable modem network. 
The network service management server 12 enables the users to maintain the 
10 pre-configured network settings of the CPEs to obtain such services. 

In order to provide this plug and play functionality, the network assigns a 
router-aware IP address to a CPE 20, and seamlessly redirects the CPE traffic to 
the external network, e.g., to the Internet 24. 

The server 12 provides transparent network access via two mechanisms: 
15 Network Address Translation (NAT): and Masquerading. 

NAT: Each internal system (client) is assigned a unique IP address by the 
network service management server 12, in order to provide network access to 
those internal systems. DHCP clients request such an IP address from the network 
server. Statically-addressied clients are not made aware of this unique IP address; 
20 instead, the network service management server 12 maintains an internal mapping 
of a statically-addressed client's static address to the unique IP address assigned 
to that client by the network service management server 12. 

The network service management server 12 can assign either private or 
public IP addresses to clients. Clients may choose to be assigned either a private 
25 or public address at registration time, or the network service management server 
12 can be configured to assign only public or addresses. When the internal network 
contains routers, the network service management server 12 can be configured to 
assign either all public or all private addresses to routed clients on a per-router 
basis. 

30 The network service management server's NAT module performs address 

translation on traffic to and from statically-addressed clients, by referring to the 
network service management server's internal mapping described above. 
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The network service management server 12 will masquerade traffic from 
clients which have been assigned private IP addresses, so that those clients* 
outbound traffic originates from the network service management server's external 
IP address. 

5 Masquerading: Each internal system appears to the outside world with the IP 

address of the server. This requires special protocol-aware handlers (proxies) for 
protocols like active-mode File Transfer Protocol (FTP), which try to create 
independent return connections back to the client, and also modifications are made 
to support Transmission Control Protocol (TCP) "connections" (stateful packet 
10 inspection). 

Thus, the user can access the Internet 24 without changing the network 
configurations of CPE 20. The assignment of router-aware IP address is further 
described below in connection with the registration of CPEs. 

To allow connection of CPEs 20, the network service management server 1 2 

15 also performs registration and authentication services. Prior to registration for the 
network service, any attempts to access the services across the Internet 24 are 
detected and intercepted by the network service management server 12. The 
network service management server 12 invites the CPE 20 to register for the 
network service. The network service management server 12 resolves the location 

20 of registered CPE 20 using the information stored in the cable modem database, 
as further described below. Using the location of the CPE 20 and registration 
information, the network service management server 12 performs billing services. 

Figure 1C shows an example of operation of the network service 
management server 12. In this embodiment, the network service management 

25 server 12 handles network traffic for DHCP, time of day (TOD), Domain Name 

System (DNS) and TFTP. The network traffic is passed through the cable modem 
18 and the CMTS 14. 

When new cable modems 18 are Installed or other certain events occur, the 
network service management server 12 receives a DHCP cable modem request 

30 and configuration request from each cable modem 18 (160). The network service 
management server 12 acts on these requests and provides modem configuration 
files based on the requests to the cable modems (162) by using, e.g., a Trivial File 
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Transfer Protocol (TFTP). The TFTP server configuration file includes information 
for the operating frequency, bandwidth iinnits, number of connections and 
Management Information Base (MIB) settings for the cable modem. The network 
service management server 12 stores the cable modem MAC address and the 
5 physical location in the cable modem database (164). Once all relevant cable 
modems are provisioned, the network service management server 12 is ready to 
handle network traffic from and to CPEs. 

A user connects a CPE 20 which is a DHCP client CPE to a cable modem 
18 and attempts to access Internet services by issuing a DHCP request (170), The 
10 network service management server 12 sends a DHCP response to the CPE 20 
(172). 

The network service management server 12 extracts the MAC address of 
the cable modem from the DHCP request (174), and can use this information to 
determine the physical location from which the CPE 20 is connected (176) referring 

15 to the mapping information stored in the modem database 26. Also, using this 
information, the network service management server 12 presents a custom 
interface, such as a billing fee schedule and connection options, to the CPE 20 
(178). Through the custom interface, the user requests registration of the CPE 20 
for Internet services (180) by sending information of selected options. The network 

20 service management server 12 registers and authenticates the CPE 20 (182). 

Once the CPE 20 is provisioned and authenticated for service, upstream 
Internet traffic from the CPE 20 to the Internet 24 is routed through the cable 
modem 18, CMTS 14, network service management server 12 and router 22. 
Downstream Internet traffic to the CPE 20 is routed from the Internet 24 through 

25 ' router 22, network service management server 12, CMTS 14 and cable modem 1 8. 
These steps are performed for each and every capable modem that is 
associated with the network service management server 12. This is available 
across the cable modem network. 

Referring to Figure 3, another embodiment is described where the network 

30 service management server 4 is embodied by a network service management 
server 13 that acts as a partial network provisioner and shares the provisioning 
functions with a third party provisioning system 30. The network service 
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management system 13 works with the third party system 30. The network service 
management system 13 can retrieve cable modem information from the third party 
system 30. Some IVISO operators require the network architecture include a third 
party commercial cable modem provisioning system 30. While provisioning of 
5 . some or all cable modems may be performed in the third party system 30, 

authentication, NAT, Proxy, billing, and Domain Name System (DNS) services take 
place on the network service management system 13 for the CPEs the network 
service management system 13 sees. The network service management system 
13 and the third party cable provisioning system 30 can serve DHCP and TFTP 
10 requests to the groups of cable modems associated to their respective provisioning 
system. 

The CMTS 14 is configured to route requests from CPE 20 to the network 
service management server 12 or the third party provisioning system 30 based on 
the MAC address of the cable modem 18. Thus, network traffic for DHCP, TOD, 
15 DNS, and TFTP is passed through the cable modem 18 and is sent to the third 
party provisioning system 30 or the network service management server 12. 

Referring to Figure 4, another embodiment is described where the network 
service management server 4 is embodied by a network service management 
server 1 5 that does not perform any network provisioning functions. Network traffic 
20 for DHCP, TOD, DNS and TFTP is passed through the cable modem 18 and is 
provisioned by a third party provisioning system 30. 

The third party provisioning system 30 handles the provisioning of the cable 
modems 18 and DHCP requests and configuration of the CPE 20. 

The network service management server 15 can retrieve the MAC address 
25 information and determines the physical location of the CPE from the CMTS 14 or 
from the third party provisioning system 30. The network service management 
system 12 can also perform authentication and billing functions without access to 
the CPE MAC address. 

In all embodiments shown in Figures IB, 3 and 4, once the CPE 20 is 
30 provisioned and authenticated for service, upstream Internet traffic from the CPE 
20 to the Internet 24 is routed through the cable modem 18, CMTS 14, network 
service management server 12, 13 or 15 and router 22. Downstream Internet traffic 
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to the CPE 20 is routed from the Internet 24 through router 22, network service 
management server 12, 13 or 15, CMTS 14 and cable modem 18. 

The network service management server 4 is further described in detail 
using the network service management server 12 shown in Figure IB, which has 
5 all three major functionalities of network provisioning, authentication and billing 
services. The network service management server 4 may have more or less 
functionalities or components than those described below. 

Figure 2 shows an example of components or functionalities of the network 
service management server 12. 

10 The network service management server 12 has a registration driver 40, a 

client entry store 41 , a DHCP server 42, a Network Address Translation (NAT) 
module 44, Simple Network Management Protocol (SNMP) daemon 46, a cable 
modem information handler 48, the cable modem database 26, a Trivial File 
Transfer Protocol (TFTP) server 50, a packet filter module 99 ,a location resolution 

15 component 52, a billing data handler 54, a billing database 56, client interface 
handler 58, an authentication handler 60, a CMTS handler 62 and graphical tools 
64. 

The registration driver 40 handles registration of CPEs and manages 
address information and other information of registered and unregistered CPEs 
20 stored in a client entry store 41 . 

The packet filter module 99 provides basic security blocking. It also 
intercepts web and email traffic for unregistered clients and initiates a redirection to 
the client interface handler. 

The DHCP server 42 assigns dynamic IP addresses to devices on the cable 
25 modem network, e.g., CPEs and Cable Modems. 

The NAT module 44 enables the cable modem network 10 to use one set of 
IP addresses for internal traffic and a second set of addresses for external traffic. 

The SNMP daemon 46 manages the cable modem network 10 by sending 
messages, called protocol data units (PDUs), to different parts of the network. 
30 SNMP-compliant devices, called agents, store data about themselves in 
Management Information Bases (MIBs) and return this data to the SNMP 
requesters. 
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The cable modem information handler 48 maps each cable modem 18 to a 
physical location and stores the mapping information in the cable modem database 
26. The cable modem mappings are further described below in detail. Also, it 
handles setting information relating to each cable modem 18, such as billing 
5 schedule and connection options, as described above. 

The TFTP server 50 provides TFTP provisioning service and sends 
configuration files to cable modems. In conjunction with the DHCP server 42, the 
TFTP server 50 can be used to send different configuration files to different 
modems or groups of modems. 
10 The location resolution handler 52 resolves physical locations of CPEs 20. 

The billing data handler 54 handles billing data of each CPE and stores the 
billing data in the billing database 56. 

The client interface handler 58 handles a client interface, such as 
presentation pages including registration pages and billing pages, for each local 
15 property based on the information and data handled by the cable modem 
information handler 48 and billing data handler 54. 

The authentication handler 60 handles authentication of CPEs 20 based on 
the information and data handled by the registration driver 40 and cable modem 
information handler 48. 
20 The CMTS handler 62 handles communication with CMTSs 14 and 

information of CMTSs. 

Graphical tools 64 including tools for allowing users to configure settings or 
modify information or data handled by other components, such as the cable 
modem information handler 48, billing data handler 54, CMTS handler 62 and 
25 registration driver 40. An example of tools 64 is a configuration tool that allows 
users to configure CMTS definition, the modem mapping, and address range 
assignment to routing CMTSs. 

The network service management server 12 operates with multiple bridging 
and routing CMTSs connected to the network service management server 12 
30 simultaneously. To this end, the network service management server 12 assigns 
specific CPE IP address ranges, cable modem IP address ranges and switch 
(maintenance) IP address ranges to each routing CMTS using the registration 
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driver 40. A switch IP address is an IP address for a managed network device. 
Tlie use of these IP addresses allows the network service management server 12 
to assign router-aware addresses to CPEs, modems, and network devices and 
thus allows operation of multiple routing CMTSs simultaneously. 
5 The registration driver 40 of Figure 2 is now described in detail. Figure 5 

shows an example of the registration driver 40. The registration driver 40 contains 
address assignment handler 80, router-aware address pools 82, a common 
bridged cable modem address pool 84, client entry handler 88, and a client entry 
store 41. 

10 The address assignment handler 80 assigns IP addresses to CPEs, cable 

modems and other network devices. Those IP addresses are selected from the 
CPE, cable modem and switch IP address ranges that are associated with specific 
routing CMTSs. 

The network service management system 12 supports multiple routing 
15 devices (routers), e.g., routing CMTSs. The address assignment handler 80 

assigns router-aware IP addresses to network devices. A router-aware IP address 
is an address which can be assigned to a network entity behind a particular router. 

Bridging CMTSs share a common pool 84 of cable modem IP addresses. 
The address assignment handler 80 assigns to bridged CPEs IP addresses from 
20 standard bridged client IP address ranges, i.e., normal unrouted IP address ranges 
The IP address assignment is described in detail first for the CMTS operating 
in Bridging Mode. 

A CPE IP address may be assigned as follows for a CPE having a fixed or 
static IP address that is configured for a foreign network. When the user connects 

25 a CPE to a cable modem and boots the CPE, an Address Resolution Protocol 
(ARP) request is generated to see if this fixed IP address is already in use. The 
ARP request contains the fixed IP address and a MAC address of the CPE. The 
network service management server picks up the ARP request and passes it to the 
packet driver 303 (shown in Figure 6). The packet driver 303 asks the registration 

30 driver 40 to look up this fixed IP address for the CPE MAC address. In this case, 
the registration driver 40 does not find a client entry having the CPE MAC address, 
and accordingly, the registration driver 40 transparently assigns to the CPE a new 
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IP address from the pool of IP addresses available for the CPE. The packet driver 
303 performs NAT on the ARP packet. The CPE becomes an owner of the 
assigned IP address on the cable modem network. The registration driver 40 
registers the CPE using the assigned IP address with the option of using the CPE 
5 MAC address. 

When the network service management server 12 receives a packet from the 
CPE, the packet contains the fixed IP address of the CPE and the CPE MAC 
address. The network service management server passes the packet to the packet 
driver 303. The packet driver 303 examines the packet and obtains the CPE MAC 

10 address. It looks up the client entry in the registration driver 40 using the CPE MAC 
address, and determines the assigned IP address associated with the MAC 
address. If the assigned IP address is different from the fixed IP address, the 
packet is NATed to include the assigned IP address, and then forwarded to the next 
stage for transmission to the destination. 

16 When the network service management server receives a packet from the 

Internet, the packet is passed from the packet filters to the ARP handler 307 
(shown in Figure 6). In this case, assume that the packet contains a CPE MAC 
address of the destined client. The ARP handler 307 looks up the CPE MAC 
address. The packet is passed on to the packet driver 303 that looks up the client 

20 entry for the CPE MAC address and determines the assigned IP address 

associated with the CPE MAC address. It thus identifies the CPE to which the 
packet is destined. If the assigned IP address is different from the fixed IP address 
of the CPE, the packet driver 303 performs NAT on the packet so that the packet 
contains the fixed IP address. The packet is then transmitted to the CPE. 

25 Thus, the CPE can use its fixed IP address to send and receive messages. 

The user does not need to change the IP address of the CPE to connect to the 
cable modem network. The user can access Internet services through the cable 
modem network without changing the network configurations, e.g. the IP address. 
The IP address assignment is now described in detail for the CMTS operating 

30 in Routing Mode. 

The assignment of addresses in other scenarios and determination of the 
CPE MAC are further described below. 
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Some existing routing CMTSs use publicly addressable IP addresses, such 
as ReallP (trade-mark). The network service nnanagement server 12 supports 
those publicly addressable IP addresses, including ReallP to use with those routing 
CMTSs. 

5 The address assignment handler 80 allows configuration of multiple, distinct 

router aware pools 82 of IP addresses by a system operator. Each router-aware IP 
address pool 82 comprises masqueraded and/or routable address ranges , and is 
assigned to a specific routing CMTS. 

Graphical tools 64 shown in Figure 2 includes a configuration tool which is 

10 used to define the router-aware CPE, cable modem, switch address pools 82 and 
the bridged cable modem address pool 84. Also, graphical tools 64 include a tool 
which is used to define IP address ranges for each CMTS. Similar tools may also 
be provided in the registration driver 40. 

When clients are registered, the client entry handler 88 updates the 

15 information of the clients in the client entry store 41 . 

Each client entry 68 is router-aware, i.e., contains a router MAC address. 
An IP packet has a source MAC address of the most recent router, regardless of 
how many routers that packet has traversed. The network service management 
server 12 considers the source MAC address of an IP packet to be the router MAC 

20 address of the client sending that packet. Thus, a router MAC address for a client 
is automatically and dynamically set to the source MAC in the most recent IP 
packet sent from the IP address of the client. Consequently, the network service 
management server 12 always knows if a client message is being routed (router 
MAC != client MAC), and which router that the client is behind, or if the client is 

25 bridged (router MAC = client MAC). 

Each IP packet also has a source IP address. The network service 
management server 12 considers the source IP address of the IP packet to be the 
client IP address. The network service management server 12 can determine the 
client MAC address by either examining DHCP packets sent from the client to the 

30 network service management server 12, or by querying a Management Information 
Base (MIB) on the router as described below. 
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Cable modems are considered by GMTSs as DHCP relay agents that 
relays DHCP messages to DHCP server 42 (Figure 2). Each client entry is also 
DHCP relay agent-aware, and contains a relay agent information (RAI) MAC 
address. 

5 When the client sends a DHCP option 82, the RAI MAC address is 

updated with the RAI MAC in the DHCP option 82 received from the client. A 
setting on most CMTSs enables the attachment of DHCP option 82 into DHCP 
DISCOVER packets which are forwarded by the CMTS to the other network 
devices, i.e., the network service management system 12 in this case. 

10 The RAI MAC is used in client location resolution as described below. The 

RAI MAC is also used as a means of determining if a network entity is a CPE (client 
MAC != RAI MAC) or cable modem (client MAC = RAI MAC). 

Accordingly, each client entry in the registration driver contains three MAC 
addresses: client MAC; router MAC; and RAI MAC. The combination of these three 

15 MACs provides the network service management system 12 with useful information 
about the client. 

Each client entry includes the original IP address ( in the case of a statically 
addressed clients), assigned IP address, as well as the client MAC address, router 
MAC address and RAI MAC address. In some network configurations, the network 

20 service management server 1 2 may have access to only a subset of the data which 
the network service management server 12 is capable of collecting. 

For example, in a routed cable network which uses a third party DHCP 
server, the network service management server 12 typically has access to only the 
router MAC address and the assigned IP address of the client. In such a network, 

25 the network service management server 12 maintains entries for several clients 
possessing the same router MAC address but client assigned IP addresses that are 
uniquely assigned to individual clients. 

The network service management system 12 is capable of identifying and 
processing clients by assigned IP addresses that are uniquely assigned to 

30 individual clients by the IP address assignment handler 80. This allows the server 
10 to handle routed clients even if the network service management server 12 is 
used for a routed cable network with a third party DHCP or does not receive DHCP 
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traffic, and the network service management server 12 sees no client MAC 
addresses. Situations where the network service management system 12 receives 
no DHCP traffic and therefore no client IVIAC addresses occur in routed cable 
networks which use a third party provisioning server as the sole provisioning agent 
5 or system 30 (Figure 4). 

The network service management server 12 sees the Internet-bound traffic 
in the form of (routermac, clientip), where "routermac" represents a router MAC 
address, and "clientip" represents the IP address of a client. The NAT module 44 
(Figure 2) creates multiple client entries in the registration driver based upon this 

10 traffic, with the client MAC = router MAC, i.e., as (clientmac, clientip). The client IP 
address is used to differentiate those multiple client entries. 

Thus, the network service management server 12 can operate solely upon 
client IP addresses. This allows the network service management server 12 to act 
more as a gateway with billing and location-related features, than as a provisioning 

15 gateway. 

The network service management server 12 may not receive traffic 
containing client MAC. In this case, if the routing CMTS offers an appropriate 
Management Information Base (MIB), then, the network service management 
server 12 can retrieve the client MAC in realtime from the routing CMTS when 

20 network service management server 12 tries to resolve a client's location. This 
occurs when a client is redirected to a menu for registration. This MIB must contain 
(MAC, IP) pairs, i.e., client MAC and IP address pairs, for the network entities which 
the CMTS routes. Here a client MAC is a CPE MAC or cable modem MAC, An 
example of this MIB is ipNetToMediaPhysAddress table. When such an MIB is 

25 available and contains an entry for the IP address in question, the network service 
management server 12 automatically and in realtime retrieves the corresponding 
MAC and updates the client entry to be (clientmac, clientip) from (routermac, 
clientip). This provides the network service management server 12 with more 
specific data for that client. 

30 While the network service management server 12 is capable of using 

assigned IP addresses as the unique identifier for its clients, the network service 
management server 12 may collect other information for clients when that 
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information is available to the network service management server 12. For 
example, when the network service management server 12 acts as the DHCP 
server for a routed cable network, the network service management server 12 has 
access to the client MAC addresses, and possibly the RAI MAC addresses, which 
5 are included in the DHCP packets. In that case, the network service rnanagement 
server 12 records these client MAC addresses, but still uses the client assigned IP 
addresses as unique identifiers for its clients. The other information which is 
collected, such as the MAC addresses, enables certain functionalities of the 
network service management server 12. For example, when the network service 

10 management server 12 has access to RAI MAC addresses, the network service 
management server 12 can perform the CPE location resolution using those RAI 
MAC addresses, as described below. 

The ability of using only the client assigned IP addresses as the unique client 
identifier allows the network service management server 12 to be integrated into a 

16 wide variety of network configurations. 

The SNMP daemon 46 shown in Figure 2 is described in detail. The SNMP 
daemon 46 allows the retrieval of client MAC from a MIB, such as 
ipNetToMediaPhysAddress table, and updates the client entry in the registration 
driver accordingly as described above. The SNMP daemon can also' read other 

20 standard and non-standard MIBs (as required) in order to perform location 
resolution. 

The SNMP daemon 46 may also resolve the CPE's location based upon 
assigned IP address, instead of only the client MAC address. This offers 
location-based functionality in routed environments in which the network service 
25 management server 12 does not have access to CPE MAC addresses (i.e. no 
DHCP traffic). 

The SNMP daemon 46 supports relevant DOCSIS MIBs on CMTSs for use 
in modem mapping and client MAC resolution, and supports some proprietary 
non-DOCSIS MIBs which offer CPE-modem association on, for example, Cisco 
30 UBR7000 series CMTS (trade-mark), Motorola CMTS (trade-mark), BSR64000 
CMTS (trade-mark), Arris 1000 / Arris 1500 CMTS (trade-mark). This allows the 
server 12 to perform location resolution using only SNMP functionality on these 
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CMTSs as opposed to using RAI-based location resolution. 

Cable modem mapping by cable modem information handler 48 shown in 
Figure 2 is now described in detail. The cable modem information handler 48 can 
map cable modems on a CMTS, i.e., retrieve and insert information regarding cable 
5 modems into the registration driver 40 and cable modem database 26 for use in 
CPE location resolution. It can map cable modems by referencing specific 
standard MIBs, such as standard DOCSIS MIBs on the CMTS. Thus, the cable 
modem information handler 48 can map cable modems on virtually any CIVITS to 
which the network service management server 12 has at least read-only SNMP 
10 ' access. 

The cable modem information handler 48 does not need to receive any 
unsolicited traffic, such as DHCP, TFTP, TOD, from cable modems 18 in order to 
map them. The network service management server 12 retrieves enough 
information about cable modems 18 from the MIBs on the CMTS 14. 

15 The network service management server 12 stores modem mappings for 

multiple CMTSs. This allows the network service management server 12 to offer 
full functionality to multiple CMTSs simultaneously. 

Graphical tools 64 include a tool for controlling, viewing, and editing the 
results of modem mapping. 

20 The cable modem information handler 48 allows discretionary modem 

mapping. It provides a means to specify inclusion or exclusion lists listing cable 
modem MAC to be included or excluded. Thus, the cable modem information 
handler 48 can control which cable modems should be mapped and which cable 
modems should not be mapped. This functionality is convenient when a CMTS is 

25 hosting cable modems which the network service management server 12 does not 
need to manage, or when the network service management server 12 performs 
different types of mapping on different groups of modems. 

There are two types of mappings: portless modem mapping and detailed 
modem mapping. Some cable modems have multiple ports or interfaces. 

30 Examples include ethernet, usb, and wireless interfaces. The portless mapping 
treats each cable modem as a single logical port without consideration of the 
number or types of the modem's interfaces. The detailed modem mapping maps 
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each individual port or interface on a cable modem as distinct logical ports. 

The portless modem mapping is much faster than detailed modem mapping, 
since the modem's standard interface MIBs do not need to be queried by the 
network service management server 12. 
5 The detailed mapping may take a long time. However, it allows the network 

service management server 1 2 to treat the cable modems 1 8 as managed network 
devices. Other managed network devices may be placed behind the cable 
modems, and the network service management server 12 can offer full functionality 
to all devices. 

10 When the cable modem 18 is mapped in accordance with the portless 

mapping, the port resolution by the network service management server 12 
determines from which modem a CPE's traffic is originating. 

When the cable modem 18 is mapped in accordance with the detailed 
mapping, the port resolution by the network service management server 12 

15 determines from which modem interface a CPE's traffic is originating. 

The network service management server 12 communicates with the cable 
modem 18 to perform the detailed mapping. The network service management 
server 12 does not need to communicate with the cable modem 18 to perform the 
portless mapping. 

20 Once a cable modem to which a CPE is connected is mapped, location 

resolution of the CPE can be performed. Figure 7 shows one example of the 
location resolution handler 52 of Figure 1B. The location resolution handler 52 has 
two CPE location resolution mechanisms: SNMP-based location resolution 90 and 
DHCP option based location resolution 92. The location resolution handler 52 

25 performs the CPE location resolution using either the mechanism 90 or 92. 

The location resolution handler 52 can perform SNMP-based location 
resolution 90 when the network service management system 12 knows the CPE 
MAC address, i.e., when it either receives CPE DHCP traffic or has access to the 
ipNetToMediaPhysAddress MIB on the CMTS 14. In the absence of CPE DHCP 

30 traffic, the location resolution handler 52 queries a proprietary MIB (i.e. 

non-DOCSIS MIB) on the CMTS 14. This MIB provides CPE MAC - cable modem 
MAC association. Thus, based on the known CPE MAC address, the location 
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resolution handler 52 can obtain the cable modem MAC address from the 
association and resolve the physical location of the cable modem using the 
information in the cable modem database 26. For this resolution 90, the CMTS 
should provide an adequate proprietary CPE MAC-cable modem MAC association 
5 MIB in response to the query. 

The location resolution handler 52 can perform DHCP Option based location 
resolution 92 when the network service management system 12 receives CPE 
DHCP traffic. The location resolution handler 52 automatically records the CPE's 
RAI MAC address based on the DHCP Option 82. The RAI MAC address is 

10 included in at least the CPE's DHCP DISCOVER packets, and in the CPE's client 
entry in the registration driver. 

This RAI MAC address will be the MAC address of the cable modem 18 to 
which the CPE 20 is connected. For modem DHCP DISCOVERS, the RAI MAC 
address is the same as the cable modem MAC. Therefore, if the network service 

15 management server 12 does not have access to a proprietary CPE-CM association 
MIB on the CMTS 14, and if the network service management server 12 receives 
CPE DHCP traffic, the network service management server 12 can use the RAI 
MAC address which it has recorded for the CPE in order to determine to which 
cable modem the CPE 20 is connected. 

20 When the cable modem 18 has been mapped in detail, the network service 

management server 12 can then proceed to query the modem's standard bridge 
MIBs to determine to which modem port the CPE is connected. 

According to the above embodiments of the present invention, a cable 
operator can choose to offer nomadic Internet services as a wide area provider 

25 across their entire network. The existing cable network continues to provide 

conventional cable modem residential and commercial Internet service. In addition, 
a cable company can extend its offering to include service to nomadic Internet 
users. 

The Internet service can be billed on a pay per use basis. The clients 
30 authenticate and may pay for service using credit cards, pre-pay cards, or a 
subscription account. Any location where a cable company presently offers 
network service via a cable modem is configured to operate as a pay per use public 
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Internet access node. 

Referring to Figure 6, additional components or functionalities included in 
the network service management server 12 are described. 

The network service management server 12 includes a packet driver 303. 
5 The packet driver 303 examines incoming packets. If the incoming packet is 
identified as a routed packet, the packet driver will assign an IP address equal to 
the original IP address. If the packet is a bridged packet, its MAC address is looked 
up in the registration driver 40. If this is the first time that this MAC address is 
encountered, then an IP address is assigned, and if the source IP address of the 

10 packet is a valid unassigned IP address, then that IP address will be assigned to 
that MAC address. Once the assigned IP address is determined, sanity tests are 
applied to ensure that the original IP address associated with the MAC has not 
changed in an unacceptable manner, if it has changed in an unacceptable manner 
then the entry is deleted, thus forcing the client to re-register if they were previously 

15 registered. If the assigned IP address is different from the original IP address in the 
client's packet then that IP address will be replaced with the assigned IP address in 
the IP or ARP header and the packet checksum recalculated according to the 
methods described in RFC-1624. If the packet contains a TCP or UDP packet then 
the checksum is further recalculated as above to account for the changed IP 

20 address in the pseudo-header associated with such packets as described in 
section 3.3 of RFC-1 631 . 

All outgoing packets have their source destination address looked up in the 
registration driver 40 (as an assigned IP address). If a matching entry is found then 
the original IP address is substituted provided it is non-zero and not equal to the 

25 current destination address. Then the packet's checksums are recalculated as 
described above for incoming packets. 

The network service management server 12 includes a packet filter input 
rules handler 305 and a packet filter forwarding rules handler 306 (referred to as 
packet filter rules handlers). The packet filter rules handlers 305, 306 allow packet 

30 filter rules that test the state of the registration entry flags for the source and/or 
destination addresses of packets. 

The network service management server 12 includes TCP/IP socket 
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interface 31 1, a soln daemon 315 and a command line interface 317. The TCP/IP 
socket interface 31 1 is tlie standard socket networking interface, sucli as an 
interface provided by Linux, Unix. 

Tlie soln daemon 315 is responsible for performing regular periodic backups 
5 of the registration driver. It also listens for UDP traffic on a specified port. The 
command line interface 317 offers an administrative and diagnostic tool to system 
administrators. It serves as a user space interface into the registration driver 40. It 
may be used to check the current state of the registration driver 40 or modify it. 

The network service management server 12 includes a POP server 313 for 

10 email service. A request to read or download mail is directed to the POP server 313 
if the client is attempting to access their e-mail without being registered. The POP 
server 313 limits the number of emails a client can send during a registration 
period. The POP server 313 counts the number of emails sent during the 
registration period. If the client exceeds a certain limit set by the administrator, the 

15 network service management server 12 will not permit any more emails to be sent 
by this client. This feature prevents the system from being used as a SPAM relay 
system. The registration period may be set in the registration driver 40. 

The network service management server 12 includes a registration Web 
server 310, and a redirection Web server 314. The registration Web server 310 

20 serves local content for the network service management server, which includes 
the registration Web pages, administrative Web pages, and configuration Web 
pages. 

The registration Web pages serve as a client's portal to the services 
provided by the network service management server 12. This includes registering 

25 for access to the Internet. The client may choose different methods of 

authentication, including port based or access code based. For example, in the 
port based authorization model, fee information is determined based upon their 
assigned IP address. For example, in access code based authentication, fee is 
determined based upon access codes which clients enter. The access codes may 

30 include prepaid access code and location based access code as described below. 
The administrative Web pages allow server administrators and staff to 
perform various tasks, including the checking current state of the registration driver, 
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manual registration changes, modification of the settings of tfie components 
included in the networl< service management server 12, displaying of system health 
variables, displaying of billing information, and displaying and generating of access 
codes. 

5 The redirection Web server 314 listens for http traffic on a special port. 

When the redirection Web server 314 receives an http request, it will send the client 
to the registration Web server 310. 

The network service management server 12 includes a standard 
open-source DNS server 312 to handle their DNS requests. 

10 As described above, the registration driver 40 maintains an original IP 

address, an assigned IP address, client MAC address, router iVIAC address and 
RAI MAC address. The registration driver 40 further includes timing parameters to 
allow fixed-length registration periods, as well as inactivity timeouts for unregistered 
clients. The timing parameters may include: a creation time, a registration time, a 

15 registration expiry, an entry expiry, a last used, and flags. The creation time 
parameter shows the time that the IP address was assigned this client. The 
registration time parameter shows the time that the client was registered for 
Internet access through the registration process. The registration expiry parameter 
shows the time that the registration is due to expire. The entry expiry parameter 

20 shows the time that the assigned IP address will be returned to the pool of free IP 
addresses. The last used parameter shows the last time there was traffic to/from 
the client system. The flags contain bit fields used to indicate the state and nature 
of a particular client (i.e. registered; DHCP; valid; permanent; etc.) 

The registration driver 40 maintains pools of both assigned IP addresses 

25 and unassigned IP addresses. The registration driver 40 maintains address pools 
for clients in a Virtual Private Network (VPN). 

As described above, the network service management server 12 provides 
multiple billing and payment options providing flexibility for MSOs and their 
customers, and has multiple features for registration/billing services. The network 

30 service management server 12 integrates with multiple billing systems, including 
cable account bills and property management billing systems in the hospitality 
industry. 
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The network service management server 12 may provide the following 
functionality or components for registration and billing services. 

Propertv IVIanaqement Svstem 1 way (PMS1 way) :The network service 
management server 12 has a PIVIS 1 way component for posting charges to a client 
5 folio in a local property, such as a guest folio in a hotel. The PIVIS 1 way component 
supports interfaces, such as Micros Fidelio, Hilton, Springer Miller, Bell HOBIC, 
HIS, Galaxy, MSI, Encore, Lodgistix, Hitachi HOBIC, System 21, Yesware, and 
ComtroL 

The network service management server 12 integrates with PMS allowing 
10 the charges for high speed internet access to appear on the user's folio. The guest 
simply selects the service when registering and the network service management 
server ports the charges directly to the folio of the hotel guest room via the PMS. 
This ensures that charges for high speed internet access usage appear on the 
guest bill. 

15 Propertv Management System 2 way (PMS 2 way) : The network service 

management server 12 has a PMS 2 way component for interacting with the 
property PMS system to post charges to a guest folio and to retrieve information 
from the PMS to present further authentication mechanisms, retrieve and apply 
discounting. The PMS 2 way component supports interfaces, such as Micros 

20 Fidelio. The PMS 2 way integration allows group discounts and customization of 
greetings, while supplying the guest with on-line billing information. The PMS 2 way 
component pulls data from the PMS database. 
This enables additional features such as: 

- Check In/Check Out Status: All traffic may be blocked until a hotel room 
25 has been checked in. This means that until a hotel guest has registered with the 

property, no one else (i.e., unauthorized user, a housekeeper, or property staff) can 
use the service. 

- Folio Review; This feature allows the guests to view their current hotel 
charges outline. 

30 - Discount: This feature allows the property to apply discounts to Internet 

charges based on PMS settings. 

- Name Lookup: This feature allows the property to retrieve guest 
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information from the PMS database. Witli tliis feature enabled, tlie property 
automatically customizes a registration page for each guest. 

RADIUS (Remote Authentication DiaMn User Service) Support : The 
network service management server 12 has a RADIUS support component for 
5 supporting RADIUS functionality. The RADIUS support component authenticates 
and authorizes information sent to a RADIUS server on the Internet. The client is 
capable of having a central account for configuration. 

The RADIUS support provides centralized account based authentication, 
permitting property owners the ability to offer brand-wide sales to major 
10 corporations and organizations. 

RADIUS manages customer accounts through user IDs and passwords. The 
network service management server 12 acts as a RADIUS client node and forwards 
user IDs and passwords to the RADIUS server for authentication. If there are 
multiple network service management server sites across the same brand, this 
15 feature allows property managers to user the same authentication information 
(username/password) at all participating sites. 

Credit Card Support: The network service management server 12 has a 
credit card support component for supporting credit card settlement for Internet 
usage. The client is allowed to pay for their Internet usage via their credit card. 
20 Once the credit card is authenticated by a third party authorization service, the 
client is granted Internet access. When configured for credit card authentication, 
the network service management server 12 routes credit information and charges 
securely to an Internet based transaction server for processing (such as Verisign, 
authorize.net). The network service management server 12 receives an approved 
25 or denied message in reply. 

Pre-Paid Access Codes: The network service management server 12 has 
a pre-paid access codes component for generating pre-paid access codes to 
authorize clients for Internet service. Similar to a phone calling card, the client 
enters the pre-paid access code to gain Internet access. The pre-paid card has an 
30 associated amount of time the client can connect to the Internet. 

Specific levels of service associated with the access code may be set up by 
blocks of time, service levels, bandwidth and/or type of IP address. Access codes 
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are designed for environments where the user will pay for the service at a desk or 
counter and receive a specific level of service. 

Users purchase an access code that is valid for predefined services and 
time. Once registered, a user is allowed to move from one room, or port to another. 
5 The pre-paid access codes component recognizes the user's unique MAC address 
and does not re-bill the user. 

For example, for conference or meeting rooms, access codes are generated 
for each port preventing fraudulent use. 

Location Based Access Codes : Properties may want to restrict access to a 
10 specific port, such as a port in a conference room, a business center or a lobby. 
The network service management server 12 supports such access restriction 
through location based access codes. A subscriber registers for service with an 
access code. 

Multiple Registration Periods : The network service management server 12 
15 offers multiple registration periods. The registration periods may be offered as 
options to a client requesting/registering for Internet service. 

Multiple Service Classes : The network service management server 12 
offers multiple service classes. The service classes, such as speed of service, 
public vs private IP assignment, connection times, are offered as options to a client 
20 requesting/registering for Internet service 

Bvte Based Billing : The network service management server 12 allows 
properties to bill the usage of the network. The network service management 
server 12 tracks client usage and bills by the amount of actual network traffic they 
have consumed, 

25 Time Based Billing : The network service management server12 allows 

properties to bill the minute, hour, day, week, month, year or decade, whatever 
parameters the property desires. The network service management server 12 
tracks the client connection time, which is similar to a long distance phone call. The 
client is charged by the number of minutes they are connected to the Internet. 

30 Alternatively, users may be charged incrementally on a per minute basis. 

The network service management server 12 may also have functionalities to 
provide the following services. 
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30 

Printing : The network service management server 12 offers a "driver-less" 
printing service. Clients using this feature select the service web page on the 
network service management server 12. They select the printing option. The 
system supports MS Office documents. Documents are uploaded to the network 
5 service management server 12, routed to a remote conversion server and returned 
to the server. The client has the option to preview the document before sending it 
to the printer. The property can charge a fee for the printing service. 

Walled Garden (Free Sites) : The network service management sever 
supports a free site list. Clients using the network service management server 12 

10 are capable of accessing only the web sites in the "free site" list until they have 
registered for Internet access. This feature has a set of tools that the site 
administrator can add/remove web sites from the list, 

Proxv Support : The network service management server 12 accommodates 
client browsers that have been configured to route their web requests through a 

15 proxy server. The network service management server 12 has administration tools 
for modifying proxy ports, such as adding new proxy ports. The network service 
management server 12 supports a plurality of proxy ports, such as 
(1080,3124,8000,8080), and further adds new proxy ports. Using the tools, the 
network service management server 12 offers seamless proxy support for client 

20 computers pre-configured with proxy ports enabled in their browsers. 

VPN Support : The network service management server 12 supports Virtual 
Private Network (VPN). The VPN support permits client computers to connect to 
remote VPN services through the network service management server 12. Clients 
register for VPN service on network service management server 12. The clients 

26 may register for this service through the registration web pages. Once the network 
service management server 12 authenticates the clients, the client computers start 
their VPN client software and securely tunnel over the Internet back to their 
corporate network. All network traffic between the client computer and the remote 
VPN server is encrypted. The VPN traffic supported by the network service 

30 management server 12 include the traffic for Point-to-Point Tunneling Protocol 
(PPTP) and IP Security (IPSEC) protocols. 

The above embodiments have been described using a cable modem 
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network. The network service management server 12 also integrates with various 
vendors hardware in addition to cable modems. 

Wireless Access Points : The network service management server 12 offers 
support for wireless access points. Generic wireless access points behave like a 
5 network hub. The network service management server 12 authenticates a client 
based on their MAC address. The network service management server 12 resolves 
location where the access point is connected to a managed switch. 

Wireless Bridges : The network service management server 12 integrates 
proprietary wireless bridges, which resolves the MAC address of the wireless 

10 bridge. If the MAC address of a wireless bridge is available, the wireless bridge is 
"mapped" to a guest room number. Using the capability, the network service 
management server 12 determines where a client is connecting from, and having 
resolved the actual room a guest is connected to allows the network service 
management server 12 to bill directly to the guesf s folio. 

15 The present invention may be applied to different networks operated by 

MSOs with appropriate modification. Different networks may comprise various 
network entities. An example of different MSO internal networks is shown in Figure 
8. The MSO internal network 100 comprises multiple network entities, including 
adapters which are capable of routing traffic from and to CPEs 20. The MSO 

20 internal network 100 are terminated with terminators 114 located in a network 

operating centre 106. The MSO network 100 may be Digital Subscriber Line (DSL) 
networks, or a network of satellites. 

For example, when the MSO internal network 100 is a DSL network , the 
network includes one or more DSL modems used as adapters 118 and one or more 

25 DSL concentrators used as terminators 114. DSL modems and DSL concentrators 
correspond to cable modems and CMTSs in the cable modem network described 
above, respectively. A DSL concentrator provides network traffic collection and 
relay services, similar to a CMTS in a cable modem network. DSL concentrators 
may be Digital Subscriber Line Access Multiplexers (DSLAMs). 

30 A network service management server 1 04, similar to network service 

management server 4 described above, integrates with the DSL concentrators and 
DSL modems. In the DSL network, DSL modems do not request IP addresses or 
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request TFTP configuration files. Accordingly, the network service management 
server 104 queries the DSL concentrators to obtain information regarding DSL 
modems connected to the DSL concentrators, and CPEs connected to the DSL 
modems. The network service management server 104 also queries the DSL 
5 concentrators to determine to which DSL a CPE is connected, e.g., resolve the 
room/port/DSL modem location from which a guest is connecting his/her CPE. This 
is similar to querying a switch port to retrieve the switch and port a client is 
connected to. This switch/port map is then mapped to a physical room in the local 
property. The DSL concentrators may use a standard bridge MIB (RFC 1493), or 

10 other proprietary methods to track this information. The network service 

management server 104 may perform, when appropriate, client data collection, 
network provisioning, client authorization and/or routing in similar manners in a 
cable modem network as described above. 

The embodiment described above may be implemented in hardware, 

16 software or in a combination of hardware and software. While particular 

embodiments of the present invention have been shown and described, changes 
and modifications may be made to such embodiments without departing from the 
true scope of the invention which is defined in the claims. 



